Mumbai, India, February 26, 2024

Gartner Security & Risk Management Summit 2024 India: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in India. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the Gartner opening keynote presentation, sharing the top trends for cybersecurity in 2024, and discussing five things you need to know about continuous control monitoring. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Forecasts Security and Risk Management Spending in India to Grow 12% in 2024

Gartner Opening Keynote: Dispelling 4 Myths That Prevent Cybersecurity from Unlocking Its True Value

Presented by Oscar Isaka, Sr Director Analyst, Gartner and Deepti Gopal, Director Analyst, Gartner

Cybersecurity can generate significant value for enterprises, but security leaders need to challenge the myths that obscure its true value. In this session, Oscar Isaka, Sr Director Analyst at Gartner and Deepti Gopal, Director Analyst at Gartner, debunked four common security myths and highlighted the decisions and practical steps cybersecurity leaders must take to create maximum value and deliver success.

Key Takeaways

“CISOs must embrace a “Minimum Effective” mindset to maximize the impact of cybersecurity for the business. This mindset promotes the delivery of maximum impact.”
More Risk Analysis Equals Better Protection. “Instead of continuing to pursue more data and analysis, CISOs must adopt a “Minimum Effective Insight” approach.”
“Outcome driven metrics (ODMs) can offer minimum effective insight to support business driven cyber decisions and investments.”
More tools equals better protection. CISOs often get stuck in a gear acquisition mindset when what they truly need to focus on is adopting a “Minimum Effective Toolset.”
More cybersecurity professionals equals better protection. “Develop a “Minimum Effective Expertise” which involves providing employees with the necessary expertise and technology to enable them to make risk-informed decisions independently.”
More control equals better protection. “CISOs must adopt a “Minimum Effective Friction” approach to balancing controls, minimizing the friction on user experience and productivity.”

It’s not too late to join the conference!

Top Trends for Cybersecurity, 2024

Presented by Deepti Gopal, Director Analyst, Gartner

Chief information security officers (CISOs) and their teams are facing disruptions across multiple converging fronts: technological, structural and the human element. Proactive preparation and pragmatic execution are vital to address these disruptions, and deliver an effective, optimized cybersecurity program. In this session, Deepti Gopal, Director Analyst at Gartner, discussed the significant trends in security and risk management and how organizations can take advantage of these trends to drive cybersecurity outcomes.

Key Takeaways

Through 2025, generative AI will cause a spike in the cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security. “CISOs must update application and data security practices to integrate new attack surfaces such as the prompts or the orchestration layers to instrument AI models.”
“Outcome driven metrics (ODMs) are operational metrics that enable stakeholders of organizations to establish a direct correlation between their investments in cybersecurity and the level of protection they receive.”
“A defensible cybersecurity program depends on all parties agreeing on what they are willing to spend, based on agreement on the appropriate level of protection.”
“Security behavior and culture programs (SBCP) focus on fostering new ways of thinking and embedding new behavior with the intent to provoke new, more secure ways of working across the organization.”
“Continuous threat exposure management is helping security leaders keep up with the pace of change. It is impactful because it not only seeks to address gaps in security controls, but also in risk understanding and response/remediation processes.”

5 Things You Need to Know About Continuous Control Monitoring

Presented by Tisha Bhambry, Director Analyst, Gartner

Continuous controls monitoring (CCM) allows high-frequency and automated management of controls designed to mitigate risk and validate their effectiveness. In this session, Tisha Bhambry, Director Analyst at Gartner, shared the five most important benefits of using CCM.

Key Takeaways

“CCM in cybersecurity is a technology designed to improve organizations’ security posture and the productivity of CISO and IT operational team by automating control effectiveness monitoring and relevant information gathering from diverse sources in a near-real-time manner.”
“The CCM tool can provide you with a repository that is continuously updated in case you have a new mandate, allowing you to map and identify any gaps.”
Organizations that deploy CCM can experience the following benefits:
Increased Productivity
Reduction in Manual Cost
Improvement in Accuracy
Enhanced Visibility
Prioritization Enablement

“CCM tools have multiple benefits but they come at an additional cost. Moreover, the software doesn't run on its own. So you need people as well to manage it.”
“Data sources are essential for the successful implementation of a CCM solution. CISOs must identify the data sources available in their IT and security management portfolio and determine if they can be used as sources.”

View coverage from Day 2

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.